CVE-2008-6511

Igniterealtime Openfire < 3.6.0a - Improper Input Validation

Title source: rule

Description

Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andreas Kurtz · textwebappsjsp

https://www.exploit-db.com/exploits/7075

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7075

Exploit x_refsource_misc

http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498162/100/0/threaded

Scores

EPSS 0.0347

EPSS Percentile 87.6%

Details

CWE

CWE-20

Status published

Products (25)

igniterealtime/openfire 2.6.0

igniterealtime/openfire 2.6.1

igniterealtime/openfire 2.6.2

igniterealtime/openfire 3.0.0

igniterealtime/openfire 3.0.1

igniterealtime/openfire 3.1.0

igniterealtime/openfire 3.1.1

igniterealtime/openfire 3.2.0

igniterealtime/openfire 3.2.1

igniterealtime/openfire 3.2.2

... and 15 more

Published Mar 23, 2009

Tracked Since Feb 18, 2026